Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-426
Total 403 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-3357 3 Actian, Hp, Linux 3 Ingres, Hp-ux, Linux Kernel 2020-09-28 7.2 HIGH N/A
Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges via a crafted shared library, related to a "pointer overwrite vulnerability."
CVE-2017-11749 1 Internet-soft 1 Ftp Commander 2020-09-23 6.8 MEDIUM 7.8 HIGH
InternetSoft FTP Commander 8.02 and prior has an untrusted search path, allowing DLL hijacking via a Trojan horse dwmapi.dll file.
CVE-2020-4545 1 Ibm 1 Aspera Connect 2020-09-09 9.3 HIGH 7.8 HIGH
IBM Aspera Connect 3.9.9 could allow a remote attacker to execute arbitrary code on the system, caused by improper loading of Dynamic Link Libraries by the import feature. By persuading a victim to open a specially-crafted .DLL file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183190.
CVE-2020-9673 1 Adobe 1 Coldfusion 2020-09-04 4.4 MEDIUM 7.8 HIGH
Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation.
CVE-2020-3768 1 Adobe 1 Coldfusion 2020-09-04 4.4 MEDIUM 7.8 HIGH
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation.
CVE-2020-9672 1 Adobe 1 Coldfusion 2020-09-04 4.4 MEDIUM 7.8 HIGH
Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation.
CVE-2019-9798 2 Google, Mozilla 2 Android, Firefox 2020-08-24 5.8 MEDIUM 7.4 HIGH
On Android systems, Firefox can load a library from APITRACE_LIB, which is writable by all users and applications. This could allow malicious third party applications to execute a man-in-the-middle attack if a malicious code was written to that location and loaded. *Note: This issue only affects Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 66.
CVE-2019-3648 1 Mcafee 3 Anti-virus Plus, Internet Security, Total Protection 2020-08-24 7.2 HIGH 6.7 MEDIUM
A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious files in specific locations protected by administrator permission.
CVE-2019-13637 1 Logmeininc 1 Join.me 2020-08-24 9.3 HIGH 8.8 HIGH
In LogMeIn join.me before 3.16.0.5505, an attacker could execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI that is defined in Windows. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user if the attacker can place a crafted library in a directory that is accessible to the vulnerable system.
CVE-2019-1010100 1 Akeo 1 Rufus 2020-08-24 6.8 MEDIUM 7.8 HIGH
Akeo Consulting Rufus 3.0 and earlier is affected by: DLL search order hijacking. The impact is: Arbitrary code execution WITH escalation of privilege. The component is: Executable installers, portable executables (ALL executables on the web site). The attack vector is: CAPEC-471, CWE-426, CWE-427.
CVE-2019-14599 1 Intel 1 Control Center-i 2020-08-24 4.6 MEDIUM 7.8 HIGH
Unquoted service path in Control Center-I version 2.1.0.0 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-6724 4 Apple, Barracuda, Linux and 1 more 4 Mac Os X, Vpn Client, Linux Kernel and 1 more 2020-08-24 7.2 HIGH 7.8 HIGH
The barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, and OpenBSD runs as a privileged process and can allow an unprivileged local attacker to load a malicious library, resulting in arbitrary code executing as root.
CVE-2019-9492 2 Microsoft, Trendmicro 2 Windows, Officescan 2020-08-24 4.6 MEDIUM 7.8 HIGH
A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an authenticated attacker to gain code execution and terminate the product's process - disabling endpoint protection. The attacker must have already gained authentication and have local access to the vulnerable system.
CVE-2019-11351 1 Teamspeak 1 Teamspeak 2020-08-24 9.3 HIGH 8.8 HIGH
TeamSpeak 3 Client before 3.2.5 allows remote code execution in the Qt framework.
CVE-2017-12892 1 Foxitsoftware 1 Pdf Compressor 2020-08-19 6.8 MEDIUM 7.8 HIGH
Foxit PDF Compressor installers from versions from 7.0.0.183 to 7.7.2.10 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.
CVE-2017-11657 1 Dashlane 1 Dashlane 2020-08-19 4.4 MEDIUM 7.3 HIGH
Dashlane might allow local users to gain privileges by placing a Trojan horse WINHTTP.dll in the %APPDATA%\Dashlane directory.
CVE-2016-9274 1 Git For Windows Project 1 Git For Windows 2020-08-13 4.4 MEDIUM 7.8 HIGH
Untrusted search path vulnerability in Git 1.x for Windows allows local users to gain privileges via a Trojan horse git.exe file in the current working directory. NOTE: 2.x is unaffected.
CVE-2010-3159 1 Ponsoftware 1 Explzh 2020-08-12 6.9 MEDIUM N/A
Untrusted search path vulnerability in Explzh 5.67 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory.
CVE-2020-8317 1 Lenovo 1 Drivers Management 2020-07-29 6.9 MEDIUM 7.8 HIGH
A DLL search path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges.
CVE-2020-15009 1 Asus 1 Screenpad2 Upgrade Tool 2020-07-29 4.4 MEDIUM 7.8 HIGH
AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe in ScreenPad2_Upgrade_Tool.msi V1.0.3 for ASUS PCs with ScreenPad 1.0 (UX450FDX, UX550GDX and UX550GEX) could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name.